1. Field of the Invention
This invention pertains in general to computer security and in particular to the identification of malware.
2. Description of the Related Art
There is a wide variety of malicious software (malware) that can attack modern computers. Malware threats include computer viruses, worms, Trojan horse programs, spyware, adware, crimeware, and phishing websites. Modern malware is often designed to provide financial gain to the attacker. For example, malware can surreptitiously capture important information such as logins, passwords, bank account identifiers, and credit card numbers. Similarly, the malware can provide hidden interfaces that allow the attacker to access and control the compromised computer.
Software applications that are downloaded and installed on a user client can either be vulnerable to malware attacks or contain malware. Usually the software applications are downloaded and installed by a user who has some knowledge of the reputation associated with the software application (e.g. knowledge of a reputation of the manufacturer of the software, knowledge of the reliability of the software application). Knowledge of the reputation of the software allows the user to assess the likelihood that the software application is malicious. However, in the case of malware, the software applications can be downloaded or installed on the user's client without the user's knowledge. Thus, even if all the applications on the client known to the user have good reputations, this does not guarantee that the client is free of malware.
Software applications installed on a user's client may be automatically detected by security software programs but it can be difficult for even the security software to assess the reputation of all of the software applications installed on a user's client. Because of the large number of software applications that are constantly being introduced in modern computing environments, reputation information is not known for many software applications. It is particularly difficult to assess the reputation of malware because of “polymorphisms” or engineered variations in the malware which cause the security software to identify it as a different software application.
Accordingly, there is a need in the art for improved methods of assessing the reputations of software applications installed on clients.